Increasingly, a VPN (virtual private network) is being recognised as a valuable element of every type of security setup and is not just for businesses or individuals who are very tech-savvy. For many domestic users, the ability to increase their anonymity online feels increasingly crucial – as public awareness around cybersecurity continues to grow in the face of high-profile cyber attacks.
For people researching VPNs for the first time, the concept can be very confusing. From the multitude of options, including paid or free clients, to a plethora of different features, there is a lot to consider.
One topic that regularly comes up is around the importance of online logging. But what exactly is it, and how does it affect users? For many people looking to purchase a VPN, the promise of a service with no logging is considered essential – after all, a major benefit of VPN use is closer control over who has access to your data. But is this really the case?
Types of VPN logging
From a user perspective, connection logs are not of particular concern. This type of log is a simple record of when users connect to the service. This can include the user’s IP address, their VPN address, date and time of connections, duration of connections and the amount of data transferred. Importantly, what this doesn’t include is the details of a user’s activity, sites they have visited, etc. only that they have used a VPN service.
In most cases this information is used internally, allowing providers to identify issues with their services, troubleshoot problems that arise and to monitor usage for those who are using accounts with monthly data caps.
As a VPN service has the same visibility as your ISP, there is a lot of information that they could potentially collect. This could include:
- Sites visited
- Tools used
- Files downloaded
- Devices you have connected with
Unlike connection logs, which have a legitimate use, there is little reason for a VPN to store all of a user’s traffic information other than if they plan to sell it to third parties. Many providers will not be explicit about this in their wording, so be sure to read carefully before committing to a product.
It is important to note that many providers who claim to not use logging are referring to usage logs, and do still collect connection logs from their users.
Why does it matter?
A common argument is that if someone is doing nothing wrong then they have nothing to hide, but when you consider that a number of free VPN services available, many are funded by providing targeted advertising to users or selling their data to third-parties. Even Facebook was forced to pull their Onavo VPN service from the Apple App Store in August 2018, in a row over controversial data collection methods used by the app – which monitored user activity and used it to inform marketing campaigns.
The question is no longer about if users have done anything wrong, instead, they need to carefully consider which companies can be trusted to protect their data and use it responsibly.
This is not a case of trying to avoid the law, but to maintain control over who has access to your data and how it is used.
Is it worth trying to escape logging?
Many VPN providers use Virtual Private Servers (VPS) as a cost-saving measure, but they can also be a weak point for privacy. This is because many of these servers keep their own logs. Even if the VPN service has a ‘no log’ policy, this does not mean your data is not being collected elsewhere.
In addition, UK-based VPN services will be subject to the Investigatory Powers Act, better known as the Snooper’s Charter, which requires the services to provide information by law when it is requested by the police or intelligence agencies. Many countries also struggle with similar policies. While some users will seek to avoid this, for the majority of users who simply want increased security when they are shopping online, this is not really a big issue, as the same information could also be requested from their ISP.
The reality of logging is that, despite bold claims of ‘no logging’, it is hard to be sure if your data is being collected or not. While it is likely that free providers may be using your data to fund their product, most paid options will be secure and only collect data that is required by law, or for the operation of their services.
While this does not mean you can avoid logging, you can at least be sure of what data is being collected and why. The key when choosing a VPN provider is to do your research and choose a service that offers transparency in how they deal with your data.
Ultimately, logging doesn’t have to be as big an issue as online discussions may have you believe if you have a provider that you can trust to be transparent about how your data logs are used and stored.